Cypherpunks repositories - gostls13.git/commit

]> Cypherpunks repositories - gostls13.git/commit

author	Adam Langley <agl@golang.org>
	Wed, 17 Aug 2016 22:55:15 +0000 (15:55 -0700)
committer	Adam Langley <agl@golang.org>
	Wed, 17 Aug 2016 23:47:18 +0000 (23:47 +0000)
commit	59aeac20c0412442848982a9287b4bab66c25682
tree	cdb1e362a35fa08d9e89c04c18141f206e7ca0d2	tree
parent	57370a87d80be0ab588eb8bb9a5e2a31f4613355	commit \| diff

crypto/x509: require a NULL parameters for RSA public keys.

The RFC is clear that the Parameters in an AlgorithmIdentifer for an RSA
public key must be NULL. BoringSSL enforces this so we have strong
evidence that this is a widely compatible change.

Embarrassingly enough, the major source of violations of this is us. Go
used to get this correct in only one of two places. This was only fixed
in 2013 (with 4874bc9b). That's why lots of test certificates are
updated in this change.

Fixes #16166.

Change-Id: Ib9a4551349354c66e730d44eb8cee4ec402ea8ab
Reviewed-on: https://go-review.googlesource.com/27312
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>

63 files changed:

src/crypto/tls/conn_test.go		diff \| blob \| history
src/crypto/tls/handshake_server_test.go		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv10-ClientCert-ECDSA-ECDSA		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv10-ClientCert-ECDSA-RSA		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv10-ClientCert-RSA-ECDSA		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv10-ClientCert-RSA-RSA		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv10-ECDHE-ECDSA-AES		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv10-ECDHE-RSA-AES		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv10-RSA-RC4		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv11-ECDHE-ECDSA-AES		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv11-ECDHE-RSA-AES		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv11-RSA-RC4		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv12-AES128-GCM-SHA256		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv12-AES256-GCM-SHA384		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv12-ALPN		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv12-ALPN-NoMatch		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv12-ClientCert-ECDSA-ECDSA		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv12-ClientCert-ECDSA-RSA		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-AES256-GCM-SHA384		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-ECDSA		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-RSA		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv12-ECDHE-ECDSA-AES		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv12-ECDHE-ECDSA-AES-GCM		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv12-ECDHE-ECDSA-AES256-GCM-SHA384		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv12-ECDHE-RSA-AES		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv12-RSA-RC4		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv12-RenegotiateOnce		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv12-RenegotiateTwice		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv12-RenegotiateTwiceRejected		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv12-RenegotiationRejected		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv12-SCT		diff \| blob \| history
src/crypto/tls/testdata/Server-SSLv3-RSA-3DES		diff \| blob \| history
src/crypto/tls/testdata/Server-SSLv3-RSA-AES		diff \| blob \| history
src/crypto/tls/testdata/Server-SSLv3-RSA-RC4		diff \| blob \| history
src/crypto/tls/testdata/Server-TLSv10-ECDHE-ECDSA-AES		diff \| blob \| history
src/crypto/tls/testdata/Server-TLSv10-RSA-3DES		diff \| blob \| history
src/crypto/tls/testdata/Server-TLSv10-RSA-AES		diff \| blob \| history
src/crypto/tls/testdata/Server-TLSv10-RSA-RC4		diff \| blob \| history
src/crypto/tls/testdata/Server-TLSv11-FallbackSCSV		diff \| blob \| history
src/crypto/tls/testdata/Server-TLSv11-RSA-RC4		diff \| blob \| history
src/crypto/tls/testdata/Server-TLSv12-ALPN		diff \| blob \| history
src/crypto/tls/testdata/Server-TLSv12-ALPN-NoMatch		diff \| blob \| history
src/crypto/tls/testdata/Server-TLSv12-CipherSuiteCertPreferenceECDSA		diff \| blob \| history
src/crypto/tls/testdata/Server-TLSv12-CipherSuiteCertPreferenceRSA		diff \| blob \| history
src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedAndECDSAGiven		diff \| blob \| history
src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedAndGiven		diff \| blob \| history
src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedNotGiven		diff \| blob \| history
src/crypto/tls/testdata/Server-TLSv12-ECDHE-ECDSA-AES		diff \| blob \| history
src/crypto/tls/testdata/Server-TLSv12-IssueTicket		diff \| blob \| history
src/crypto/tls/testdata/Server-TLSv12-IssueTicketPreDisable		diff \| blob \| history
src/crypto/tls/testdata/Server-TLSv12-RSA-3DES		diff \| blob \| history
src/crypto/tls/testdata/Server-TLSv12-RSA-AES		diff \| blob \| history
src/crypto/tls/testdata/Server-TLSv12-RSA-AES-GCM		diff \| blob \| history
src/crypto/tls/testdata/Server-TLSv12-RSA-AES256-GCM-SHA384		diff \| blob \| history
src/crypto/tls/testdata/Server-TLSv12-RSA-RC4		diff \| blob \| history
src/crypto/tls/testdata/Server-TLSv12-Resume		diff \| blob \| history
src/crypto/tls/testdata/Server-TLSv12-ResumeDisabled		diff \| blob \| history
src/crypto/tls/testdata/Server-TLSv12-SNI		diff \| blob \| history
src/crypto/tls/testdata/Server-TLSv12-SNI-GetCertificate		diff \| blob \| history
src/crypto/tls/testdata/Server-TLSv12-SNI-GetCertificateNotFound		diff \| blob \| history
src/crypto/x509/x509.go		diff \| blob \| history
src/crypto/x509/x509_test.go		diff \| blob \| history
src/net/smtp/smtp_test.go		diff \| blob \| history

Go GOST TLS 1.3

RSS Atom